Abstract
Despite the increasing frequency and cost of network security breaches, many organizations still question the need to invest in security technology. This paper utilizes a Bayesian influence diagram in conjunction with a decision tree to quantify the cost of network intrusion. Quantifying this cost permits managers to compare the loss associated with network security breaches with the cost of utilizing appropriate IS security technology. The model developed within is applied to a simple example of a firewall implementation.